Secure and practical passwords

Passwords are an essential part of life now, from carrying out the weekly shop, to accessing social media, to logging into your union website. The problem with passwords is that many people use the same one multiple times, or use an insecure one which is easy to guess.

We don’t have to wait long nowadays before we hear of yet another website where user details have been compromised. Most recently, Yahoo revealed in December that 1 billion user accounts had been breached, probably dating back to August 2013, making it the largest such security breach in history. Many other well-known and popular websites have also been hacked in recent years: eBay, LinkedIn and Adobe, to name just a few.

This can be particularly damaging when people always use the same password. In such cases, if unscrupulous hackers obtain a user’s email and password from one site, it is very easy for them to access other accounts which use the same login.

So what makes a secure password?

Technically speaking, the most powerful passwords are long, incomprehensible mixtures of special characters, numbers and mixed case letters. This is likely to foil a ‘brute force’ approach, where dictionaries are used to find combinations and variations of words. The problem with this technique is that the most powerful passwords are very difficult to remember.

A compromise approach is to use a technique that improves security but is also easy to remember. One example is to take a phrase or line from a favourite song, and then take the first letter of each word and combine them. Vary the case of the letters and add numbers and special characters where possible. For example, replace ‘I’ with an ‘!’, and ‘E’ with a ‘3’.

It’s advisable to add a variation to the password for each account. For example, for a Google account, add a ‘G’ and an ‘O’ into a certain segment of the password as well. This way, if a password is hacked, it will be different to the one you use on other services.

When two-step authentication is available, it also makes sense to use this facility. This is where just using the password is not enough – an additional check such as a code sent to your mobile is also required. Popular services, such as Google, Amazon, Microsoft and Twitter, now offer this facility, although you usually need to enable this in the settings.

It’s worth taking a few minutes to make sure your passwords are effective and unique for each site – it could save you a lot of trouble in the future.